In a statement issued today by the
Information Commissioner’s Office, a spokesperson said:

“Earlier today
Google contacted the ICO to confirm that it still had in its
possession some of the payload data collected by its Street View
vehicles prior to May 2010. This data was supposed to have been
deleted in December 2010. The fact that some of this information
still exists appears to breach the undertaking to the ICO signed by
Google in November 2010.

“In their letter
to the ICO today, Google indicated that they wanted to delete the
remaining data and asked for the ICO’s instructions on how to
proceed. Our response, which has already been issued, makes clear
that Google must supply the data to the ICO immediately, so that we
can subject it to forensic analysis before deciding on the necessary
course of action.

“We are also in
touch with other data protection authorities in the EU and elsewhere
through the Article 29 Working Party and the GPEN network to
coordinate the response to this development.

“The ICO is
clear that this information should never have been collected in the
first place and the company’s failure to secure its deletion as
promised is cause for concern.”

… Cryptocat is an encrypted
web-based chat. It’s the first chat client in the browser to allow
anyone to use end-to-end encryption to communicate without the
problems of SSL, the standard way browsers do crypto, or mucking
about with downloading and installing other software. For Kobeissi,
that means non-technical people anywhere in the world can talk
without fear of online snooping from corporations, criminals or
governments.

… When he flies through the US,
he’s generally had the notorious “SSSS” printed on his boarding
pass, marking him for searches and interrogations — which Kobeissi
says have focused on his development of the chat client.

(Related) If you can't be secure, you
should at least try to detect eavesdroppers.

… In a talk at
the Defcon hacker conference this weekend, forensics expert and
former Pentagon contractor Michael Robinson plans to give a talk on
how to detect a range of commercial spyware, programs like MobileSpy
and FlexiSpy that offer to let users manually install invisible
software on targets’ phones to track their location, read their
text messages and listen in on their calls, often for hundreds of
dollars in service fees.

Robinson tested
five commercial spying tools on five different devices–four Android
devices and an iPhone. In most cases, he found that uncovering
the presence of those spyware tools is often just a matter of digging
through a few subdirectories to find a telltale file–one
that often even specifies identifying details of the person doing the
spying.

"There is
no guarantee that the two companies, which are not in negotiations at
the moment, will come to an agreement. But the earlier talks are a
sign that they may form a stronger partnership amid intensifying
competition from the likes of Google and Facebook. Apple has not
made many friends in social media. Its relationship with Facebook,
for example, has been strained since a deal to build Facebook
features into Ping, Apple's music-centric social network, fell apart.
Facebook is also aligned with Microsoft, which owns a small stake in
it. And Google, an Apple rival in the phone market, has been pushing
its own social network, Google Plus. 'Apple doesn't have to own a
social network,' Timothy D. Cook, Apple’s chief executive, said at
a recent technology conference. 'But does
Apple need to be social? Yes.'"

Those are my tax dollars!
(Well, maybe not all $8 Billion) Perhaps this is a case of “What's
the worst they can do to us?” I still point to an HBR article that
claimed no IT project that takes longer than six months should ever
be funded.

"The Federal Times has the
stunning (but not surprising) news that a new audit found six Defense
Department modernization projects to be a
combined $8 billion — or 110 percent — over budget. The
projects are also suffering from years-long schedule delays. In
1998, work began on the Army's Logistics Modernization Program (LMP).
In April 2010, the General Accounting Office issued a report titled
'Actions Needed to Improve Implementation of the Army Logistics
Modernization Program' about the
status of LMP. LMP is now scheduled to be fully deployed in
September 2016, 12 years later than originally scheduled, and 18
years after development first began! (Development of the
oft-maligned Duke
Nukem Forever only took 15 years.)"

It is easier for the Judge
to remind the witness than for Tony Soprano's soldiers to show up at
your home and point out your failing memory. “Youse didn't see
nothin!”

Science has prevailed over injustice in
the state of New Jersey, where all jurors will soon learn about
memory’s unreliability and the limits of eyewitness testimony.

According to instructions
issued July 19 by New Jersey’s Supreme Court, judges must tell
jurors that “human memory is not foolproof,” and enumerate the
many ways in which eyewitness recall can be distorted or
mistaken.

“Look, we already own everything. We
let you pretend you own it, but you only rent it (pay taxes) until we
want it again.” Any Government

The United States government said
Friday that even if the indictment of the Megaupload corporation is
dismissed, it can continue its indefinite freeze on the corporation’s
assets while it awaits the extradition of founder Kim Dotcom and his
associates.

Judge Liam O’Grady is weighing a
request
to dismiss the indictment against Megaupload because (in
Megaupload’s view) the federal rules of criminal procedure provide
no way to serve notice on corporations with no U.S. address. At a
hearing in Alexandria, Virginia, he grilled both attorneys in the
case but did not issue a ruling.

O’Grady speculated, with evident
sarcasm, that Congress intended to allow foreign corporations like
Megaupload to “be able to violate our laws indiscriminately from an
island in the South Pacific.”

… But Judge O’Grady seemed
skeptical of these arguments. He noted that the “plain language”
of the law required sending notice to the company’s address in the
United States. “You don’t have a location in the United States
to mail it to,” he said. “It’s never had an address” in the
United States.

And Megaupload pointed out that the
government hadn’t produced a single example in which the government
had satisfied the rules of criminal procedure using one of the
methods it was suggesting in this case. Most of the precedents the
government has produced were in civil cases, which have different
rules. And most involved serving a corporate parent via its
subsidiary. That’s a very different relationship than, for
example, the vendor-customer relationship between Megaupload and
Carpathia.

… Hollywood, at least, seems
nervous that Judge O’Grady might buy Megaupload’s argument. In a
conference call held Wednesday in advance of today’s hearing, a
senior vice president at the Motion Picture Association of America
argued that the dismissal of the case against Megaupload would have
little practical impact, since the company’s principals would still
be facing indictment. And he rejected Kim Dotcom’s efforts to
frame the case as a test of internet freedom, describing Dotcom as a
“career criminal” who had grown wealthy stealing the work of
others.

Looks like someone has
figured out how to evolve from paper to digital...

Financial
Times: Our Digital Subscribers Now Outnumber Print, And Digital Is
Half Of The FT’s Revenue

A milestone reached as the world of old
media continues
its push in a digital direction: the storied, pink-sheeted daily
newspaper the Financial
Times, read by 2.1 million readers daily, today said digital
subscribers now outnumber those in print, and that digital revenues
now account for half of all sales in the FT Group. And
what’s more, sales actually grew rather than declined.

… The positive numbers are a
pointer to how the FT’s freemium model, mixing limited free content
with tiers of wider content access for those willing to pay, can work
(those tiers are here;
in the UK they are £5.19 or £6.79 per week). The lowest tier in
that model is, predictably, the most popular at the moment:
registered site users — you can register on FT.com for a limited
amount of free content monthly — were up by 26% to 4.8 million.

This is looking more
'do-able' every day. Still takes some analysis and geekiness.

"More and more people are
joining the ranks of 'cord-cutters' — those who cancel their cable
TV subscriptions and get their televised entertainment either for
free over the airwaves or over the Internet. But, assuming you're
going to do things legally, is this really a cheaper option? It
depends on what you watch. Brian Proffitt contemplated this move,
and he walks you through the
calculations he made to figure out the prices of cutting the cord.
He weighed the costs of various a la carte and all-you-can-eat
Internet streaming services, and took into account the fact that
Internet service on its own is often pricier than it would be if
bundled with cable TV."

The Atlanta-based
company, which processes card transactions for banks and merchants,
recorded a pre-tax charge for the amount, equal to 68 cents of
diluted per-share earnings, in the fiscal fourth quarter. The amount
reflects expected charges from payment networks such as Visa Inc. (V)
and MasterCard Inc. (MA) and expenses related to its investigation
and remediation of the matter.

There seems to be a controversy over
what was on the drive. According to the individual who found it, it
contained “names, dates of birth, emails, course details, exam
results, work timetables and even photographs of students.” But
the college disputes the extent of the breach:

However, West
Cheshire College have denied there was any sensitive information on
the hard drive, and said in a statement: “We conducted an
investigation as to the contents of the hard disk and test dates
including names and dates of births of less than 60 students were
found on the disk with no further relevant information.”

The person who acquired the drive made
a backup copy of it and is turning it over to the ICO for
investigation. If the college turns out to be misrepresenting the
scope of the breach, that shouldn’t sit well with the ICO.

No doubt the thought police will need
to have a talk with the judge. (And another illustration that
Churchill was right about the divisions of a common language.)

… According to the
Guardian, the lord chief justice, Lord Judge, said:

We have concluded
that, on an objective assessment, the decision of the crown court
that this 'tweet' constituted or included a message of a menacing
character was not open to it. On this
basis, the appeal against conviction must be allowed.

"A key component of the FAA's
emerging 'Next Gen' air traffic control system is fundamentally
insecure and ripe
for manipulation and attack, security researcher Andrei Costin
said in a presentation Wednesday at Black Hat 2012. Costin outlined
a series of issues related to the Automatic Dependent
Surveillance-Broadcast (ADS-B) system, a replacement to the
decades-old ground radar system used to guide airplanes through the
sky and on the ground at airports. Among the threats to ADS-B: The
system lacks a capability for message
authentication. 'Any attacker can pretend to be an
aircraft' by injecting a message into the system, Costin said.
There's also no mechanism in ADS-B for
encrypting messages. One example problem related
to the lack of encryption: Costin showed a screen capture showing the
location of Air Force One--or that someone had spoofed the system."

For my Data Analysis and Data Mining
students. Also, some implications for the Privacy Foundation?

Big
Data: "Experts say new forms of information analysis will
help people be more nimble and adaptive, but worry over humans’
capacity to understand and use these new tools well. Tech experts
believe the vast quantities of data that humans and machines will be
creating by the year 2020 could enhance productivity, improve
organizational transparency, and expand the frontier of the “knowable
future.” But they worry about “humanity’s dashboard” being
in government and corporate hands and they are anxious about people’s
ability to analyze it wisely." Janna Quitney Anderson, Elon
University; Lee Rainie, Pew Research Center’s Internet &
American Life Project. July 20, 2012

"Google, Facebook, eBay and
Amazon have apparently set
up the Internet Association to lobby the US government on issues
relating to online business. From the article: 'The Internet
Association, which will open its doors in September, will act as a
unified
voice for major Internet companies, said President Michael
Beckerman, a former adviser to the chairman of the U.S. House of
Representatives' Energy and Commerce Committee.'"

One possible future. But,
is the pricing right? And, is it good to be a guinea pig?

After months of mystery, Kansas City
residents learned today that the first high-speed citywide network
built by Google will bring them not just super-fast internet but
full-featured cable-style TV service. Google said in a live
announcement Thursday morning that the neighborhoods that rally
the most interest will be the first to get hooked up to Google’s
fiber-optic lines, which the company says will offer 1
gigabit-per-second downloads and uploads — far faster (Google says
100 times) than the typical broadband connections now in most U.S.
homes.

Google is always tweaking its bits and
parts. In the latest little change, Google has added a very useful
scientific calculator to its search engine. Google Search has always
had a calculator. It is just that you had to type in the figures and
Google would deduce the results for you and display it in bold above
the search results. Now, Google has enhanced that same functionality
and added a full-fledged scientific calculator to the search page.

Thursday, July 26, 2012

The TSA, DHS and
countless other security agencies have been established to keep
America safe from terrorist attacks in post-9/11 America. How far
beyond that does the feds’ reach really go, though?

The attacks
September 11, 2001, were instrumental in enabling the US government
to establish counterterrorism agencies to prevent future tragedies.
Some officials say that they haven’t stopped there, though, and are
spying on everyone in America — all in the name of national
security.

Testimonies
delivered in recent weeks by former employees of the National
Security Agency suggest that the US government is granting itself
surveillance powers far beyond what most Americans consider the
proper role of the federal government.

The ex-wife of a
wealthy businessman must pay him $20,000 for installing spyware on
his computers and using it to illegally intercept his emails to try
to gain an upper hand in their divorce settlement, a federal judge in
Tennessee ruled.

U.S. Magistrate
Judge William Carter ordered Crystal Goan to pay ex-husband James Roy
Klumb $20,000 for violating federal and state wiretap laws when she
used Spectorsoft’s eBlaster spyware to intercept Klumb’s email.

George
Washington University law professor Orin Kerr and Greg Nojeim, senior
counsel at the Center for Democracy & Technology, ponder how far
the government can go in reading your email. Their essays can be
found in Patriots Debate: Contemporary Issues in National
Security Law, a book published by the ABA Standing Committee on
Law and National Security and edited by Harvey Rishikof, Stewart
Baker and Bernard Horowitz. The book can be ordered here.

Not uncommon. The first
report from any new part of the bureaucracy should state that the job
is nearly impossible (“Don't blame us if we can't do a decent
job.”) but with more money (“We need a bigger bureaucracy.”) we
might succeed.

"This inaugural OFR Annual
Report details the Office’s progress in meeting its mission and
statutory requirements. The report must assess the state of the
U.S. financial system, including: (1) An analysis of any threats to
the financial stability of the United States; (2) The status of the
efforts of the Office in meeting its mission; and (3) Key findings
from the research and analysis of the financial system by the
Office... The crisis revealed significant deficiencies in the data
available to monitor the financial system. Financial data collected
were too aggregated, too limited in scope, too out of date, or
otherwise incomplete. The crisis demonstrated the need to reform
the data collection and validation process and to strengthen data
standards, to improve the utility of data both for regulators and
for market participants."

Creative Commons licensing can be a
good way to explicitly state the terms by which people can use and
re-use your creative written, audio, and visual works. But selecting
the license that is right for you can be confusing. Thankfully, as I
learned through a Tweet by Jen
Deyenberg, the Creative Commons organization has a new tool to
help you choose the best license for your situation.

The new interactive Creative
Commons license chooser helps you select the right license for
your work. To select the right license for your work just answer a
few questions and a license will be recommended to you.

Software packagers like Ninite
are at an uptick in popularity now that the old seek-and-download
method is quickly drawing close towards extinction. Imagine what
your kids will think when you tell them that you actually had to
search for and manually update certain essential software in the
future. Crazy, right?

… Soft2Base is a software manager
for Windows that scans for over 60 of the most popular applications
and ensures that your computer is running the very latest version.
If not, Soft2Base can silently download and automatically install
them for you.

… Despite the emphasis on fun, the
game goes to great lengths to be accurate. The learning objectives,
obfuscated behind cute pop culture references like, "I find your
lack of encryption disturbing," include promoting the
accessibility of computer science and computer security; teaching
that there's more to computer security than antivirus and the Web;
and accurately depicting a diverse range of attack techniques and
attacker goals.

SCADA and medical device hacking are
more likely to show up than ransomware, and the techniques you can
use include disinformation; exploiting weak passwords and unpatched
software; and cross-correlating data sources, all in the name of the
good guys.

Switzerland has
confirmed the arrest in Spain of Herve Falciani and is now seeking
extradition of the Italian-French citizen being sought by police in
connection with the theft of customer data from the Geneva branch of
HSBC Private Bank.

[...]

Copies of the HSBC
data, which lists the names and account details of thousands of
customers, is now in the hands of French tax authorities, who are
using it to chase alleged tax dodgers with money stashed in
Switzerland.

Mr. Falciani has
denied preliminary allegations by the Swiss authorities of breaching
banking secrecy and stealing banking records. His home in France was
raided at the behest of Swiss authorities, who had launched a probe
into allegations of violations of bank secrecy.

HSBC announced in
2009 that data on customers had been stolen in 2006 and 2007 by Mr.
Falciani, who had worked at the bank as a computer specialist.

Oregon State
Police currently are investigating a security breach by a vendor who,
while under contract to Oregon State University, copied information
from a check register data base without permission. The action could
have compromised the private information of 21,000 students and
employees who were associated with OSU between 1996
and 2009.

[...]

The 30,000 to
40,000 checks contained information such as names, OSU ID, date,
check number and the amount of the check. Records
after 2004 did not include Social Security numbers. [What percentage
is that? Bob]

"Washington D.C. Metropolitan
Police Department Chief Cathy Lanier says, 'A bystander has the
same right to take photographs or make recordings as a member of the
media,' and backs it up with a General
Order to her Department. Quoting: The Metropolitan Police
Department (MPD) recognizes that members of the general public have a
First Amendment right to video record, photograph, and/or audio
record MPD members while MPD members are conducting official business
or while acting in an official capacity in any public space, unless
such recordings interfere with police activity.'"

Russia’s leading manufacturer of
unmanned aerial vehicles, Zala Aero,
has provided the Russian government with more than 70 unmanned
systems, each containing several aircraft. According to an
article published yesterday on Open Democracy Russia,
the Kremlin’s romance with drones started in 2006, when the
Interior Ministry deployed a Zala
421-04M to monitor street protests at a G8 summit in St.
Petersburg. The Russian government has
also bought drones from Israel.

I had covered a controversial plan in
Oxford to record taxi passengers (audio and video). While media
attention was focused on Oxford City Council, apparently another
council had gone ahead with the plan. Until now. From the
Information Commissioner’s Office:

Southampton City
Council has been ordered to stop the mandatory recording of
passengers’ and drivers’ conversations in the city’s taxis, the
Information Commissioner’s Office (ICO) announced today.

Since
August 2009, the council has required all taxis and private hire
vehicles to install CCTV equipment to constantly record images and
the conversations of both drivers and passengers.

The ICO has ruled
the council’s policy breaches the Data Protection Act, concluding
that the recording of all conversations is disproportionate given the
very low number of incidents occurring compared to the number of
trouble free taxi journeys. An
enforcement notice has been issued to the council who now have
until 1 November to comply.

The majority of Americans are very much
against the practice of tailored political ads, a specific market
that is seeing tremendous growth as we get closer and closer to the
2012 election. In fact, most Americans dislike tailored political
advertising so much they claim it decreases their chance of voting
for a candidate they already support.

The new results come from a 20-minute
questionnaire conducted by a team of researchers at the University
of Pennsylvania's Annenberg
School for Communication. The full findings based on the 1,503
respondents surveyed are in the 28-page document titled "Americans
Roundly Reject Tailored Political Advertising" (PDF).

A working model? At least
a start on that “Best Practices” checklist... (None of these
steps are easy)

"An examination of nine
hospitals that recently implemented a comprehensive electronic
health record (EHR) system finds that clinical and administrative
leaders built EHR adoption into their strategic
plans to integrate inpatient and outpatient care and
provide a continuum of coordinated services.

Successful implementation depended
on:

strong leadership,

full involvement of clinical staff
in design and implementation,

mandatory staff training, and

strict adherence to timeline and
budget.

The EHR systems facilitate patient
safety and quality improvement through: use of checklists, alerts,
and predictive tools; embedded clinical guidelines that promote
standardized, evidence-based practices;
electronic prescribing and test-ordering that reduces errors and
redundancy; and discrete data fields that foster use of performance
dashboards and compliance reports. Faster, more accurate
communication and streamlined processes have led to improved patient
flow, fewer duplicative tests, faster responses to patient
inquiries, redeployment of transcription and claims staff, more
complete capture of charges, and federal incentive payments."

Via Graham Greenleaf: "AustLII
will today launch the
Australasian Colonial Legal History Library. This is the first
version of the Library, containing over 220,000 searchable documents
from before 1900, from the seven Australasian colonies (including New
Zealand). It is being developed in conjunction with NZLII.
Development of further databases is underway and will expand the
Library's contents considerably over the next year. A paper that
AustLII presented at the Australian Historical Association Conference
to explain the Library, 'Digitising and Searching Australasian
Colonial Legal History', is now available for download at SSRN."

Global Warming! Global
Warming! It's good to know that Al Gore made Global Warming illegal!
Or did he make mocking Global Warming illegal?

"Efforts to mitigate climate
change — that is, reduce greenhouse gas (GHG) emissions—have
spawned a host of legal issues. The Supreme Court resolved a big
one in 2007 — the Clean Air
Act (CAA), it said, does authorize EPA to regulate GHG
emissions. Quite recently, a host of issues raised by EPA’s
efforts to carry out that authority were resolved in the agency’s
favor by the D.C. Circuit. Another issue is whether EPA’s
“endangerment finding” for GHG emissions from new motor vehicles
will compel EPA to move against GHG emissions under other CAA
authorities. Still other mitigation issues are (1) the role of the
Endangered Species Act in addressing climate change; (2) how climate
change must be considered under the National
Environmental Policy Act; (3) liability and other questions
raised by carbon capture and sequestration; (4) constitutional
constraints on land use regulation and state actions against climate
change; and (5) whether the public trust doctrine applies to the
atmosphere."

“Any sufficiently
advanced technology is indistinguishable from magic.” A. C. Clarke
Yet, it is only a tool... Question: Can you do better?

"With his Khan
Academy: The Hype and the Reality screed in the Washington Post,
Mathalicious founder Karim
Kai Ani — a former middle school teacher and math coach — throws
some cold water on the Summer
of Khan Love hippies, starting with U.S. Secretary of Education
Arne
Duncan. From the article: 'When asked why so many teachers have
such adverse
reactions to Khan Academy, Khan suggests it's because they're
jealous. "It'd piss me off, too, if I had been teaching for 30
years and suddenly this ex-hedge-fund guy is hailed
as the world's teacher." Of course, teachers aren't "pissed
off" because Sal Khan is the world's teacher. They're concerned
that he's a bad teacher who people think is great; that the guy who's
delivered over 170 million lessons to students around the world
openly brags about being unprepared and considers the precise
explanation of mathematical concepts to be mere "nitpicking."
Experienced educators are concerned that when bad teaching happens
in the classroom, it's a crisis; but that when it happens on YouTube,
it's a "revolution."'"

I've been using LightShot
in Firefox for some time and really like it. I can capture just the
part of the screen I want to emphasize and paste it into my document
(or save or edit online).

We recommend installing the desktop
module so that Lightshot works properly even without a browser. This
additional module allows you to capture Flash, online video and
anything else on your screen, even outside your browser.

With desktop Lightshot you can start a
screenshot by pressing the PrntScr hotkey in any Windows application.

Here’s a follow-up on a breach
originally reported last
year. Michael Lee reports:

Following a leak
of client information, the Australian Privacy Commissioner has
determined that Medvet Laboratories breached the Privacy Act, despite
there being no client bank account details, customer names or test
results exposed online.

The privacy bungle
was first reported
by The Australian on 16 July 2011, which stated that the
South Australia Health-owned organisation had compromised the privacy
of customers who had ordered kits to test for illicit drugs and
alcohol.

An investigation by The Weekend
Australian has revealed that the complete home and work addresses of
customers and others who ordered paternity test kits, drug and
alcohol test kits and other products this year and last year are
published and accessible on Google.

[From ZDNet:

According to the Privacy
Commissioner's report, the source of the leak of information was
Medvet's online web store, which was developed by Canadian software
development company Iciniti Corporation. The Commissioner found that
the software did not include appropriate security
and that the development and quality management practices associated
with it were deficient. In the Commissioner's investigation, the
software was found to have multiple security flaws, and the
Commissioner believed that very little security testing had been
performed.

Another group of malicious people have
started a new Facebook scam that will spam your poor unsuspecting
friends with wall posts and constant annoyances. Chances are, you
will stumble across this scam via a friend who themselves fell for
it. You may see a wall post or message that “tells” you how many
people viewed your Facebook profile today. It will also give you the
number of male and female viewers.

Of course, it is impossible for the app
to grant you this information as Facebook does not allow developers
to get access to any data on visitors to a specific profile. This
does not prevent people from being interested in such a feature, and
when an app like this comes along promising to deliver, people are
far too quick to install.

… If you already installed this
app, you can lessen any damage by uninstalling it as soon as
possible. Click the triangle on the top right of any Facebook page,
click account settings and then apps. From here, you will be able to
uninstall this app, which will be called “profile viewer,” from
your profile.

There is nothing like a
firm “Maybe.” Should they have said “legally OR technically
possible?”

Video chat
provider Skype has refused to deny that wiretaps can now be used to
infiltrate its hosted conversations, according to a news report.

After repeatedly
putting the question to Skype representatives, a Slate reporter’s
inquiries were met with the vague response: “[Skype] co-operates
with law enforcement agencies as much as is legally and technically
possible.” The problem is, it looks as though interception is now
a legal and technical possibility.

Skype’s latest
statement has raised a few eyebrows because it is so markedly
different from the company’s previous public declarations that
because of its “peer-to-peer architecture and encryption
techniques,” wiretapping would be impossible.

This appears to be TRMC’s second
reported breach this year. On May 24th, they posted a notice
on their web site that says, in part:

Public Notice
5/24/12 – EMS Laptop and X-Ray Storage Breach

In compliance
with ARRA/HITECH provisions of HIPAA, the following is a public
notification of lost and/or stolen patient information in two
separate unrelated incidents:

On March 28,
2012, a laptop computer owned by Titus Regional Medical Center’s
Emergency Medical Services was confirmed lost during a routine
patient transportation. The laptop is not believed to have been
stolen, rather inadvertently left on the fender of the ambulance with
subsequent fall and loss during route. The data was encrypted and
password protected and the computer may have been damaged and
rendered inoperable. There is a possibility that personal data,
including name, address and social security number, as well as a
limited amount of medical data related to the services provided by
the EMS department could have been accessed in the unlikely event the
computer was opened, running and undamaged.

On March 30,
2012, we became aware that there had been a break-in at our Bremerton
office. Computers and electronic devices were taken, some of which
contained sensitive information. A police report was immediately
filed and every effort made to recover the information.

A thorough
assessment was conducted to determine what sensitive information may
have been compromised. Every effort has been made to contact people
whose information may have been affected. A total of 3,040 LCSNW
clients, volunteers and staff were sent letters notifying them of the
situation.

The kinds of
sensitive information involved differed a lot by program, but could
include:

Name, Address, Phone Number or
Email

Date of Birth

Social Security Number

Driver’s License or
Washington ID Number

Income or payment information
about services received

Information about client
conditions, treatment and/or service information or diagnosis

On March 26,
2012, we discovered that our Patient Service Center located at 2012
17th Street, Bakersfield California 93301 had been broken into and
that, among other things, lab requisition forms which were kept in a
locked cabinet were missing from the center. We were able to
determine that the missing forms are related to certain laboratory
services provided between February 1, 2012 and March 23, 2012. So,
if you received services at this location during that timeframe, the
confidential information taken may have contained your name, address,
phone number, date of birth, insurance information, ordering
practitioner’s name and laboratory tests ordered.

The Bakersfield
Police Department was notified of the break-in for investigation and
possible prosecution of the person(s) responsible. Since then, PAL
has taken additional steps to ensure this type of information is more
secure, as these documents are no longer kept at PAL patient service
centers.

CHATTANOOGA,
Tenn. — Volunteer State Health Plan (VSHP) has notified
approximately 1,100 of its BlueCare members that some of their
protected health information was lost last month when envelopes
mailed to a West Tennessee clinic were damaged in shipping through
the U.S. Postal Service. No patient addresses or Social Security
numbers were among the data.

VSHP, a
Medicaid managed care organization, investigated the report
immediately and discovered that the damaged mail had been sent to
Comprehensive Counseling Network. Each
envelope contained a check to pay for medical visits and a list of
claims for those visits. The checks were not damaged, but the lists
of claims were lost at the post office. The postal service has not
found them.

The data
contained on the missing lists includes:

* First and last name of member
* BlueCare ID number
* Date of service
* Procedure code
* Claim number
* Total charged
* Amount paid
* Provider name and address

In addition to
notifying BlueCare members about the incident, VSHP has implemented a
new procedure of sending payments and claims lists in reinforced
envelopes. This process will continue until clinics are transitioned
to electronic fund transfer, eliminating the need to mail checks.

So there you have it: the HHS breach
tool serves a valuable function in alerting us to the occurrence of
incidents, but it generally fails to provide us with sufficient
information to understand the incidents. I continue to think that
HHS should be posting more details about incidents.

… As a matter of
policy, when should targets of digital evidence investigations
receive notice of the court orders? And when and how should they be
allowed to challenge the orders as unlawful? In a traditional
criminal case, suspects don’t receive notice that they are subjects
of monitoring. When the government decides to “tail” a suspect
around town, they don’t send them a letter letting them know.
Suspects receive notice only in specific contexts, such as if their
home is searched pursuant to a warrant. And they have to wait to
bring challenges until late in the game. In the case of a warrant,
for example, the defendant cannot challenge the warrant until after it has
been executed. [Should all warrants eventually be
disclosed? Bob] The question is, if you were writing the
statutory network surveillance laws, when would you impose a
statutory notice requirement and when would you allow challenges to
be brought? Would you try to match overall amount of notice in
digital investigations to that of traditional physical
investigations? Or would you aim for more or less notice in the
electronic setting than in the physical setting? Would you allow
challenges to surveillance practices as they were ongoing, or would
you require challenges to wait until the order had been executed?

MIT graduate Oliver
Yeh recently built a service called Stalkbook
that he claims allows you to stalk people on Facebook even if you're
not friends with them on the social network. Yeh has a simple but
malicious trick: he uses other Facebook users' credentials to view
whichever profile you want to stalk.

When I went to the site, typed in "Mark
Zuckerberg" and clicked "Stalk," I was greeted with
the following message: "Stalking is considered to be morally
wrong. Why don't you try talking to the person instead."
Stalkbook hasn't been released publicly, but Yeh has demoed it to
select individuals.

In an interview with IEEE,
Yeh explained in further detail how Stalkbook works:

Ethical Hackers: I know you are
saying, “Well, Duh!” But, not everything we teach is common
knowledge. Use your skills for good, Grasshopper.

Brocious, who is expected to present
his findings at the Black Hat security conference tomorrow, showed
Forbes how he is able to open hotel doors with a gadget he built
with materials costing less than $50.

For my “Geeks with ideas” I wonder
how many teachers have had this experience?

With successes like the Pebble
smart watch, crowd-funding is becoming more and more attractive
to startups. But maybe you aren’t even at the startup stage in
your idea. Maybe all you have is an idea and a computer. That’s
where Noodlecrumbs
comes into the picture.

It’s a new type of crowd-funding for
those of us who don’t quite know how much we need to make the dream a
reality. In fact, Noodlecrumbs could be used by someone who doesn’t
even want to build the actual product, but just wants it to be built.
I have friends who pitch me ideas all the time, and
I say, “sounds good, build it.” Most of the time,
they say they don’t have time or don’t know how, but they’d
love to use the product. That’s the perfect situation for
Noodlecrumbs.

Monday, July 23, 2012

"Many Aussies across New South
Wales and South Australia had a bit of a shock this morning when they
received an SMS threatening
them with assassination. Although somewhat varied, the messages
have typically read, 'Someone paid me to kill you. If you want me to
spare you, I'll give you two days to pay $5000. If you inform the
police or anybody, you will die, I am monitoring you', and signed
with the e-mail address killerking247@yahoo.com.
Police and the Australian Competition and Consumer Commission have
warned that the messages are almost certainly fake, and that no
dialogue should be entered into with scammers."

News
release: "Smart grid deployments are creating exponentially
more data for utilities and giving them access to information they’ve
never had before. Accessing, analyzing, managing, and delivering
this information – to optimize business operations and enhance
customer relationships – is proving to be a daunting task.
Somewhere in this data deluge lies the path to greater efficiencies,
but how will access to this new data change the way utilities drive
their businesses? Will predictive analytics spur operational change?
Oracle recently surveyed 151 North American senior-level executives
at utilities with smart meter programs in place and gauged their
perceptions on the business impact of “big data,” preparedness to
handle data growth, and plans to extract optimal business value from
this data to better target, engage with and serve customers. The
"Big Data, Bigger Opportunities" report is the first in
Oracle's “Utility Transformations” series, which will
examine how utilities use information generated from smart grid
deployments to drive greater organizational efficiency, more reliable
service, and stronger customer relationships."

From
Overload to Impact: An Industry Scorecard on Big Data Business
Challenges

"IT powers today’s enterprises,
which is particularly true for the world’s most data-intensive
industries. Organizations in these highly specialized industries
increasingly require focused IT solutions, including those developed
specifically for their industry, to meet their most pressing business
challenges, manage and extract insight from ever-growing data
volumes, improve customer service, and, most importantly, capitalize
on new business opportunities. The need for better data management
is all too acute, but how are enterprises doing? Oracle surveyed
333 C-level executives from U.S. and Canadian enterprises spanning 11
industries to determine the pain points they face regarding managing
the deluge of data coming into their organizations and how well they
are able to use information to drive profit and growth.

94% of C-level executives say
their organization is collecting and managing more business
information today than two years ago, by an average of 86% more

29% of executives give their
organization a “D” or “F” in preparedness to manage the data
deluge

93% of executives believe their
organization is losing revenue – on average, 14% annually – as a
result of not being able to fully leverage the information they
collect.

Nearly all surveyed (97%) say
their organization must make a change to improve information
optimization over the next two years.

Industry-specific applications are
an important part of the mix – 77% of organizations surveyed use
them today to run their enterprises…and they are looking for more
tailored options."

For my Students. Intros to many online
tools including Facebook and Linkedin...

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.